On Mon, 2021-02-15 at 20:00 +0000, Rowland penny via samba wrote:> On 15/02/2021 19:56, Andrew Bartlett wrote: > > On Mon, 2021-02-15 at 16:37 +0000, Rowland penny via samba wrote: > > > On 15/02/2021 15:48, Francesc Guasch wrote: > > > > > > > On Mon, Feb 15, 2021 at 02:06:52PM +0000, Rowland penny via > > > > samba > > > > wrote: > > > > Hi Rowland. Thanks for anwering me. > > > > > On 15/02/2021 12:39, Francesc Guasch via samba wrote: > > > > > > Hi. I have a samba server that suddenly gets smbd > > > > > > processes at 100% and becomes unusable. > > > > > > This is samba release 2:4.9.5+dfsg-5+deb10u1 > > > > > > [IPC$] > > > > > > path = /tmp > > > > > > hosts deny = 0.0.0.0/0 > > > > > Why have you created a hidden share called 'IPC' ? > > > > I don't know it has been here for ages. > > > > > > > > > I would remove it, Samba creates it by default without it being > > > in > > > smb.conf. > > This looks like our published mitigation for a very old Samba > > security > > issue. > > How old and published where ? > > I do not recall seeing this.Very long before your time with us. https://www.samba.org/samba/history/samba-2.2.8.html Andrew Bartlett -- Andrew Bartlett (he/him) https://samba.org/~abartlet/ Samba Team Member (since 2001) https://samba.org Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba Samba Development and Support, Catalyst IT - Expert Open Source Solutions
On 15/02/2021 20:12, Andrew Bartlett wrote:> On Mon, 2021-02-15 at 20:00 +0000, Rowland penny via samba wrote: >> On 15/02/2021 19:56, Andrew Bartlett wrote: >>> On Mon, 2021-02-15 at 16:37 +0000, Rowland penny via samba wrote: >>>> On 15/02/2021 15:48, Francesc Guasch wrote: >>>> >>>>> On Mon, Feb 15, 2021 at 02:06:52PM +0000, Rowland penny via >>>>> samba >>>>> wrote: >>>>> Hi Rowland. Thanks for anwering me. >>>>>> On 15/02/2021 12:39, Francesc Guasch via samba wrote: >>>>>>> Hi. I have a samba server that suddenly gets smbd >>>>>>> processes at 100% and becomes unusable. >>>>>>> This is samba release 2:4.9.5+dfsg-5+deb10u1 >>>>>>> [IPC$] >>>>>>> path = /tmp >>>>>>> hosts deny = 0.0.0.0/0 >>>>>> Why have you created a hidden share called 'IPC' ? >>>>> I don't know it has been here for ages. >>>> >>>> I would remove it, Samba creates it by default without it being >>>> in >>>> smb.conf. >>> This looks like our published mitigation for a very old Samba >>> security >>> issue. >> How old and published where ? >> >> I do not recall seeing this. > Very long before your time with us. > > https://www.samba.org/samba/history/samba-2.2.8.html > > Andrew Bartlett >Wow, a smb.conf that seemingly hasn't been updated for 18 years, words fail me ? Rowland